- (1) https://mobile.twitter.com/James_inthe_box/status/1234502259414749184
- (2) https://mobile.twitter.com/DynamicAnalysis/status/1234998504453361666
- (3) https://mobile.twitter.com/unpacker/status/1170677293926080512
- (4) https://marcoramilli.com/2019/12/05/apt28-attacks-evolution/
- (5) (CTI) https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign-v1.pdf
- (6) https://mobile.twitter.com/Vishnyak0v/status/1197129423830626318
- (7) (INTELREP) https://www.foo.be/cours/dess-20192020/pub/gru/
- (8) (CTI/OPS ITSEC) CVE-2019-17549 - https://cve.circl.lu/cve/CVE-2019-17549
- (9) (CTI) https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/
- (10) (disinformation) https://sputniknews.com/europe/202003041078470302-eu-move-to-let-greta-thunberg-speak-despite-coronavirus-ban-hits-raw-nerve-with-meps/
- (11) (disinformation) https://sputniknews.com/middleeast/202003041078468686-the-west-ignores-turkeys-illegal-deployment-of-troops-to-syrias-idlib-russian-military/
- (12) (CTI) https://mobile.twitter.com/benkow_/status/1226142113102016514
- (13) (CTI) https://krebsonsecurity.com/2020/03/french-firms-rocked-by-kasbah-hacker/
- (14) (INTELREP) https://www.bellingcat.com/news/2020/02/25/an-officer-and-a-diplomat-the-strange-case-of-the-gru-spy-with-a-red-notice/
- (1) https://mobile.twitter.com/James_inthe_box/status/1229509229267972097
- (2) https://mobile.twitter.com/JAMESWT_MHT/status/1220372289876824064
- (3) https://mobile.twitter.com/unpacker/status/1170677293926080512
- (4) https://mobile.twitter.com/RedDrip7/status/1186494913279430656
- (5) https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign-v1.pdf
- (6) https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/
- (7) https://www.foo.be/cours/dess-20192020/pub/gru/
- (8) CVE-2019-11813 - https://cve.circl.lu/cve/CVE-2019-11813
- (9) https://www.welivesecurity.com/2020/01/31/winnti-group-targeting-universities-hong-kong/
- (1) https://mobile.twitter.com/James_inthe_box/status/1195354125950689280
- (2) https://mobile.twitter.com/1ZRR4H/status/1201249017549729793
- (3) https://twitter.com/Int2e_/status/1192206123451011072
- (4) https://www.foo.be/cours/dess-20192020/pub/gru/
- (5) https://blog.telsy.com/lazarus-gate/
- (6) https://app.any.run/tasks/8286e7e1-710a-4570-805d-8a03395caa31/
- (7) https://www.crowdstrike.com/resources/wp-content/brochures/reports/huge-fan-of-your-work-intelligence-report.pdf
- (8) https://www.cert.ssi.gouv.fr/uploads/CERTFR-2019-CTI-005.pdf - https://mobile.twitter.com/CERT_FR/status/1181238695309053953
- (9) https://www.us-cert.gov/ncas/analysis-reports/ar19-304a
- (10) USB key with evidence
- (1) https://www.sentinelone.com/blog/fin6-frameworkpos-point-of-sale-malware-analysis-internals/
- (2) https://meltx0r.github.io/tech/2019/09/19/emissary-panda-apt.html
- (3) https://lab52.io/blog/winnti-group-geostrategic-analysis-and-ttp/
- (4) https://twitter.com/Rmy_Reserve/status/1175989476155215878
- (5) https://twitter.com/craiu/status/1176437943369703424
- (6) https://www.welivesecurity.com/2019/09/24/no-summer-vacations-zebrocy/
- (7) https://twitter.com/chybeta/status/1176165964196376576
- (8) https://www.cricketage.in/2018/09/13/exposed-slc-attempted-fraud-is-of-11-1-million-dollars-three-employees-involved/
- (9) https://blog.trendmicro.com/trendlabs-security-intelligence/mac-malware-that-spoofs-trading-app-steals-user-information-uploads-it-to-website/